The present invention relates generally to network security and more specifically to a system and method that enable a single device to establish multiple sessions with a single login.
Network security has become a business critical issue. As a result, there is a need for different applications and systems to authenticate to one another. These authentications occur in an isolated context and result in the establishment of multiple, secure, authenticated sessions.
For example, in the wireless context, an access point may run several different applications or subsystems. As a result, there is a need for the access point to authenticate several times. When multiplied across a network comprising hundreds of access points, this can significantly load the AAA (Authentication, Authorization and Accounting) servers.
Existing single sign-on systems tend to be an optimization on the user side: they eliminate the need for the user to log into each application separately by hiding the subsequent authentications from the user. Typically, the user performs a single login to “unlock” access to secure credentials. The single sign-on system then uses these credentials to authenticate the user to other applications as required. For example, Kerberos, available from the Massachusetts Institute of Technology, and many other commercial products authenticate a user to a ticketing server. The user requests a ticket for each application the user would like to use. When the user starts an application, the single sign-on system uses the ticket to establish a secure session with that application: the user's device submits the ticket to the authenticator for the application, and the authenticator then authenticates the ticket with the ticketing server. Thus, the device is still performing multiple authentications, even though the authentications to individual applications are hidden from the user by the single sign-on system.
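To make the load argument concrete, the following Python model is an added illustration and is not code from the patent or from any Kerberos implementation. It uses a deliberately simplified ticket scheme (HMAC-signed tickets, a constructed one-user credential store, and the names `TicketingServer`, `Authenticator` and `SsoDevice`, all assumptions of this example) to count what the ticketing server has to do when one device opens sessions with several applications after a single user login. It also shows the property a ticket-based design does give you: a ticket issued for one application is bound to that application and is refused elsewhere.

```python
import hashlib
import hmac
import secrets

# Constructed credential store for the demo: user -> salted SHA-256 of the password.
_SALT = b"demo-salt"
_USERS = {"alice": hashlib.sha256(_SALT + b"correct horse").hexdigest()}


class TicketingServer:
    """Simplified ticket-granting service standing in for the AAA / ticketing server.
    The counters record how much server-side work each step costs."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # server secret used to MAC tickets
        self.sessions = {}                   # session token -> user
        self.user_logins = 0
        self.ticket_issues = 0
        self.ticket_verifications = 0

    def login(self, user, password):
        """The single interactive authentication: password check, returns a session token."""
        self.user_logins += 1
        digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
        if not hmac.compare_digest(_USERS.get(user, ""), digest):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def _mac(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue_ticket(self, token, app):
        """Per-application ticket request; the SSO client hides this from the user."""
        user = self.sessions.get(token)
        if user is None:
            raise PermissionError("no session")
        self.ticket_issues += 1
        body = f"{user}|{app}|{secrets.token_hex(8)}"   # nonce makes every ticket unique
        return f"{body}|{self._mac(body)}"

    def verify_ticket(self, ticket, app):
        """Called by each application's authenticator: one more round trip per application."""
        self.ticket_verifications += 1
        try:
            user, ticket_app, nonce, mac = ticket.split("|")
        except ValueError:
            return None
        body = f"{user}|{ticket_app}|{nonce}"
        # Reject tickets bound to a different application or with a bad MAC.
        if ticket_app != app or not hmac.compare_digest(self._mac(body), mac):
            return None
        return user


class Authenticator:
    """Authenticator in front of one application; trusts only what the ticketing server confirms."""

    def __init__(self, app, server):
        self.app, self.server = app, server

    def accept(self, ticket):
        return self.server.verify_ticket(ticket, self.app)


class SsoDevice:
    """Client device: one user login, then a silent ticket fetch and presentation per application."""

    def __init__(self, server):
        self.server = server
        self.token = None

    def login(self, user, password):
        self.token = self.server.login(user, password)

    def open_session(self, authenticator):
        ticket = self.server.issue_ticket(self.token, authenticator.app)
        return authenticator.accept(ticket)


def run_sso_session(apps, user="alice", password="correct horse"):
    """Drive one device through login plus a session with every app; return the server-side counts."""
    server = TicketingServer()
    device = SsoDevice(server)
    device.login(user, password)
    sessions = {app: device.open_session(Authenticator(app, server)) for app in apps}
    return {
        "user_logins": server.user_logins,
        "ticket_issues": server.ticket_issues,
        "ticket_verifications": server.ticket_verifications,
        "server_auth_operations": server.ticket_issues + server.ticket_verifications,
        "sessions": sessions,
    }


def tampered_ticket_rejected():
    """A ticket issued for one application is refused by another application's authenticator."""
    server = TicketingServer()
    device = SsoDevice(server)
    device.login("alice", "correct horse")
    ticket_for_mail = server.issue_ticket(device.token, "mail")
    return Authenticator("vpn", server).accept(ticket_for_mail) is None


if __name__ == "__main__":
    print(run_sso_session(["mail", "wiki", "vpn"]))
```

With three applications the user logs in once, but the ticketing server still performs six authentication operations (three ticket issues and three ticket verifications), which is the per-device multiplication the text describes; an access point running several subsystems, repeated across hundreds of access points, scales the AAA load the same way.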